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Computing Elementary Symmetric Polynomials with a 
Sublinear Number of Multiplications 

Preliminary version 
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Abstract 



, Elementary symmetric polynomials are used as a benchmark for the bounded- 

^ ' depth arithmetic circuit model of computation. In this work we prove that modulo 

^ I composite numbers m = piP2 can be computed with much fewer multiplications than over 

any field, if the coefficients of monomials Xi-^Xi^ ■ ■ ■ are allowed to be 1 either mod pi 
or mod p2 but not necessarily both. More exactly, we prove that for any constant k such 
^ ' a representation of can be computed modulo piP2 using only exp(0(v'log n log log n)) 

^\ [ multiplications on the most restricted depth-3 arithmetic circuits, for min(pi,p2) > k\. 

' Moreover, the number of multiplications remain sublinear while k — O(loglogn). In 

I contrast, the well-known Graham-Pollack bound yields an n — 1 lower bound for the 

number of multiplications even for the exact computation (not the representation) of S^. 
I Our results generalize for other non-prime power composite moduli as well. The proof 

■ uses the famous BBR-polynomial of Barrington, Beigel and Rudich. 



1 Introduction 



" I 

^ ' Surprising ideas sometimes lead to considerable improvements in algorithms even for the 

■ simplest computational tasks, let us mention here the integer- multiplication algorithm of 



Karatsuba and Ofman | K063 | and the matrix- multiplication algorithm of Strassen | Str69 | 



A new field with surprising algorithms is quantum computing. The most famous and 



celebrated results are Shor's algorithm for integer factorization [3ho97] and Grover's database- 
search algorithm | Gro96[| . 



Since realizable quantum computers can handle only very few bits today, there are no 
practical applications of these fascinating quantum algorithms. 

Computations involving composite, non-prime-power moduli (say, 6), on the other hand, 
can actually be performed on any desktop PC, but, unfortunately, we have only little evidence 
on the power or applicability of computations modulo composite numbers (see, e.g., the circuit 



given by Kahn and Meshulam | KM91 |, or the low-degree polynomial of Barrington, Beigel 
and Rudich [pBR94| ]). 

One of the problems here is the interpretation of the output of the computation. Several 
functions are known to be hard if computed modulo a prime. If we compute the same 
function / with 0-1 values modulo 6, then it will also be computed modulo - say - 3, since 
f{x) = 1 (mod 6) =^ /(x) = 1 (mod 3) and f{x) = (mod 6) =^ f{x) = (mod 3), 
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consequently, computing / this way cannot be easier mod 6 than mod 3. This difficulty 
is circumvened in a certain sense by the definition of the weak representation of Boolean 
functions by mod 6 polynomials, defined in |TB98| and [BBR94]. 



We will consider here another interpretation of the output, called a-strong representation 
(Definition |l|). This definition will be more suitable for computations, where the output is a 
polynomial and not just a number. 

Our goal is to compute elementary symmetric polynomials 



ok 



E n 

/C{l,2,...,n} iel 
J|=fe 



modulo non-prime-power composite numbers with a much smaller number of multiplications 
than it is possible over rationals or prime moduli. 

Our model of computation is the arithmetic circuit model of depth 3, circuits in this 
model are often called SHE circuits fRSVOCl] , jShj . 

SnS circuits perform computations of the following form: 



i=lj=l 



If all the h 



and all the Sj's are the same number, then the circuit is called a 
homogeneous circuit, otherwise it is inhomogeneous. The size of the circuit is the number of 
gates in it: 1 + r + X^Li ^i- 



A special class of homogeneous SIIS circuits is called in [ RSVOC ] the graph model: here all 



Si = 2 and all aiji coefficients are equal to 1, and, moreover, the clauses of a product cannot 
contain the same variable twice. Consequently, such a product corresponds to a complete 
bipartite graph on the variables as vertices. 



Graham and Pollack [ GP72 ] asked that how many edge-disjoint bipartite graphs can cover 
the edges of an n-vertex complete graph. They proved that n — 1 bipartite graphs are suf- 
ficient and necessary. Later, Tverberg gave a very nice proof for this statement [TyeS^]. 



Having relaxed the disjointness-property, Babai and Frankl [BF92| asked that what is the 
minimum number of bipartite-graphs, which covers every edge of an n-vertex complete graph 
by an odd multiplicity. Babai and Frankl proved that (n — l)/2 bipartite graphs are neces- 
sary. The optimum upper bound for the odd-cover was proved by Radhakrishnan, Sen and 



Vishwanathan | RSVOO |. Radhakrishnan, Sen and Vishwanathan also gave matching upper 
bounds for covers, when the off-diagonal elements of matrix M are covered by multiplicity 1 
modulo a prime. 

By a result of Ben-Or |Shp ], every elementary symmetric polynomial (and similarly, 
every symmetric function) can be computed over fields by size-O(n^) inhomogeneous SIIS 
circuits, using one-variable polynomial interpolation. This result shows the power of arith- 
metic circuits over Boolean circuits with MOD p gates, since as it was proved by Razborov 
|Raz87] and Smolensky [^mo87 | that MAJORITY - a symmetric function - needs exponential 
size to be computed on any bounded-depth Boolean circuits. 

Note, that our construction with homogeneous circuits beats this bound for small fc's. 
can be naturally computed by (^) product-gates by a homogeneous SnS circuit over 
any ring by the circuit of (1). 

Nisan and Wigderson [NW97] showed that any homogeneous SIIS circuit needs size 
Q((n/2/c)'^/^) for computing S^. This result shows that the homogeneous circuits are much 
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weaker in computing elementary symmetric polynomials than the inhomogeneous ones. Nisan 
and Wigderson also examined bilinear and multi- linear circuits in [NW97|. Note that the cir- 
cuits in our constructions for S^{x, y) and for S^{x^,x'^, . . . , x^) are also multi-linear circuits. 

We should note, that exponential lower bounds were proved recently for simple functions 
for SHE circuits by Grigoriev and Razborov [ GROC ] and by Grigoriev and Karpinski [ GK98 1 . 

Most recently, Raz and Shpilka got nice lower bound results for constant-depth arithmetic 
circuits [ RS01 |, and Raz [ Raz02 | proved a Q{n? logn) lower bound for matrix- multiplication 
in this model, solving a long-standing open problem. 



1.1 Alternative strong representation of polynomials 

Several authors (e.g., [TBQS], [|BBR94 |) defined the weak and strong representations of 
Boolean functions for integer moduli. Here we need the definition of a sort of strong repre- 
sentation of polynomials modulo composite numbers. We call this representation alternative- 
strong representation, abbreviated a-strong representation: 

Definition 1 Let m be a composite number m = p^^p^ • • • p^/ ■ Let denote the ring of 
modulo m integers. Let f be a polynomial of n variables over Zm- 

f{xi,X2, ...,Xn)= '^'f^'f' 
/C{l,2,...,n} 

where aj £ Zm, xi = Hie/ ^i- Then we say that 

g{xi,X2,...,Xn)= Y bixi, 

/C{l,2,...,n} 

is an a-strong representation of f modulo m, if 

V/C {l,2,...,n} 3j G{l,2,...,i} : aj = bj (mod p^O, 
and if for some i, aj ^ bj (mod p^'), then bj = (mod pi'). 



Example 2 Let m = 6, and let f{xi,X2,X3) = xiX2 + X2X3 + xixs, then g{xi, X2, , X3) = 
3xiX2 + 4x2^3 + 2^1X3 is an a-strong representation of f modulo 6. 

Note, that the earlier (strong-, weak-) representations of functions contained constraints 
for the value of certain functions. Now we are requiring that the form of the representation 
satisfy modular constraints. 

Our goal in this work is to show that the elementary symmetric polynomials have a-strong 
representations modulo composites which can be computed by much smaller homogeneous 
SHE arithmetic circuits than the original polynomial. 

Unfortunately, we cannot hope for such results for all multivariate polynomials, as it is 
shown by the next Theorem: 

Theorem 3 Let 

n 

f{xi,X2, . . .,Xn,yi,y2, ■■■ ,yn) = ^Xiyi 

1=1 

the inner product function. Suppose that a SHE circuit computes an a-strong representation 
of f modulo 6. Then the circuit must have at least il(n) multiplication gates. 
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Proof: Let g be the a-strong representation of /. Then m g, at least the half of monomials 
Xii/i has coefficients equal to 1 modulo either 2 or 3. Without restricting the generality, let 
us assume that monomials xiyi,X2y2T ■ ■ ,x^n/2']y[n/2] have coefficients 1 modulo 3. When 
we compute g modulo 6 we will learn also the inner product of two vectors modulo 3, each 
consisting of the first [n/2] variables. It is well known that the communication complexity 
of computing the inner product mod 3 is ^}{n) (see e.g., [ pro95 1 ) . 



Since arithmetic SIIS circuits modulo 6 with u multiplication-gates of in-degree 2 can be 
evaluated by a 2-party communication protocol using only 0{u) bits, we get: u = J7(n). □ 

2 Our Constructions 

First we construct a-strong representations with a small number of multiplications for the 
following polynomial: 

i,j6{l,2,...,n} 

and for x = y we will get that 2S^{x) = S'^{x,x), and this will imply our result for any 
composite, odd, non-prime-power moduli m: 

Theorem 4 (i) Let m = piP2, where pi ^ p2 are primes. Then an a-strong representation 
of S^{x,y) modulo m can be computed on a homogeneous SIIS circuit of size 



exp (O ( \/ log n log log n) ) . 

(ii) Let the prime decomposition of m = p^^'P^'i ' ' ■ Then an a-strong representation of 
S'^ {x,y) modulo m can be computed on a homogeneous SIIS circuit of size 



exp I 0( ylog n(log log n)'' ^ 



Corollary 5 (i) Let m = pip2, where pi ^ p2 are odd primes. Then an a-strong represen- 
tation of the second elementary symmetric polynomial S^{x) modulo m can be computed 
on a homogeneous SIIS circuit of size 



exp (O ( V log n log log n ) ) . 

(ii) Let the prime decomposition of the odd m be m = p^\ p^2 ' ' ' "PV ■ Then an a-strong 
representation of the second elementary symmetric polynomial S^{x) modulo m can be 
computed on a homogeneous SIIS circuit of size 



exp O Y log n(log log n)'^' 




Since the SHE circuit in our construction correspond to the graph- model |RSVOO|, we 
have the following graph-theoretical corollary, showing a cover with much fewer bipartite 
graphs than in the linear lower bound of Graham and Pollack: 
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Corollary 6 For any m = p'^x'P^2 ' ' ' Pr^ ' there exists an explicitly constructible bipartite 
cover of the edges of the complete n-vertex- graph, such that for all edges e there exists an 
i : 1 < i < r, that the number of the bipartite graphs, covering e is congruent to 1 modulo p^'' . 
Moreover, the total number of the bipartite graphs in the cover is 



exp (o( i^logn(loglogn)'' ^ 



The following theorem gives our result for general k. Our goal is to compute an a-strong 
representation of polynomials S^{x) for n > > 2. Let us first define 



where the summation is done for all kl orders of all k element subsets / = {ii, ^2, • • • , ik} of 
{1, 2, . . . ,n}, and = {x\,X2, ■ ■ ■ ,xl^), ioT i = 1,2, . . . ,k. 



Theorem 7 Let m = P1P2 ■ ■ ■ Pr"" ■ Then an a-strong representation of Slf^(x ,x , 
modulo m can he computed on a homogeneous and multi-linear SIIS circuit of size 



exp I exp(0(fc)) vlogra(log log n \ . 



Note, that this circuit-size is sublinear in n for any constant k and for large enough n. 
Moreover, the sublinearity holds while k < c log log n, for a small enough c > 0. 
For moduli m, relative prime to k\, this implies: 

Corollary 8 If m is relative prime to k\, then an a-strong representation of S^{x) modulo 
m can be computed on a homogeneous EIIS circuit of size 



exp exp(0(A;)) \/log n(log log n 



2.1 The construction for computing S"^ 

Proof: Note, that S'^{x,y) contains the sum of the monomials Xiyj for all ^ 7^ j. Let us 
arrange these monomials as follows: Let x'jS and y'jS be assigned to the rows and columns of 
an n X n matrix M, and the position in row i and column j contains monomial Xiyj'. 



M = 



yi y2 

xi / xiyi xiy2 

X2 X2yi X2y2 

Xn \Xnyi Xny2 



y-a 

Xiyn\ 
X2yn 



(3) 



Xnyn I 



Any product of the form 

(xii + H V XiJ{yj^ + + 



+ yjj 



(4) 



naturally corresponds toavxw submatrix of matrix M. We call these submatrices rectangles. 
Clearly, any a-strong representation modulo m of polynomial S^{x, y) can be got from a cover 
of matrix M by rectangles of the form (4), satisfying the following properties: 
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Property (a): The number of the rectangles covering any elements of the diagonal is a 
multiple of m; 

Property (b): Any non-diagonal element XiUj of M is covered by dij rectangles, where 
either dij = 1 (mod pi) or dij = (mod pi) and dij = 1 (mod p2)- 

Clearly, a (bilinear) SIIS circuit compute an a-strong representation of polynomial 
S'^{x,y) if and only if when the corresponding rectangle-cover satisfies Properties (a) and 



(b). The construction of such a low-cardinality rectangle cover is implicit in papers [GroOOa] 



and p!roOOb |. We present here a short direct proof which is easily generalizable for proving 



the results in the next section for higher dimensional matrices. 
Rectangles, covering M, will be denoted 

R{I,J) = {^Xi){Y^y,). 

We define now an initial cover of the non-diagonal elements of M by rectangles. 
Let N = [logn], and for 1 < i,j < n, let i = {ii,i2, ■ ■ ■ ,ig) and j = (ji,j2, . . . ,jg) denote 
their iV-ary forms (i.e., < it,jt < N — 1, for t = 1,2, . . . , g, where g = [log^(n + 1)].) 
Then let us define for t = 1,2, ... ,g and £ = 0,1, . . . , N — 1: 

I[ = {i:k=i}, Jf = {j:j^^l]. 

Now consider the cover given by the following rectangles: 

R{ll,4):t = l,2,...,g, £ = 0,1, . . . , N - 1. 

Now, in this cover, any element Xiijj of M will be covered by Hi\;{i, j)-i\mes, where 
H]\f{i,j) stands for the Hamming-distance of the N-ary forms of i and j, that is, at most 
g-times. Note, that the diagonal elements are not covered at all, so Property (a) is satisfied, 
while Poperty (b) typically not. 

The total number of covering rectangles \s h = gN = 0((A^ logn)/ log iV). 

Now, our goal is to turn this cover to another one, which already satisfies not only Property 
(a) , but also Property (b) . For this transformation we need to apply a multivariate polynomial 
/ to our rectangle-cover in a very similar way as we applied polynomials to set-systems in 
|Gro01] and to codes in |Gro02]. 



Definition 9 Let Ri,R2, ■ ■ ■ ,Rh be a rectangle- cover of a matrix M = {xiyj}, and let f be 
a h-variable multi-linear polynomial written in the following form: 



f{zi,Z2,...,Zh) = 2^ axZK, 
Kc{l,2,...,h} 



where < ax < m — 1 are integers, and zk = YlkeK ^k- Then the f -transformation of the 
rectangle-cover R1R2, ... ,Rh contains '^K(i{i,2,...,h}^K rectangles, each corresponding to a 
monomial of f . zk = Wki^K ^-^ corresponded to the (possibly empty) rectangle of f]/^,^^ R^- 

Note, that another way of interpreting this definition is as follows: the variables Zk cor- 
respond to the rectangles of the cover, and if we imagine the rectangles filled with I's, then 
the product of the variables, i.e., the monomials, correspond to the Hadamard-product of 
the corresponding all-1 rectangles, resulting an all-1 rectangle, which, in turn, equals to their 
intersection. 

Note also, that polynomial / is, in fact, considered over the ring Z^, with a fixed (small) 
representation of its coefficients from the set of integers. 
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Lemma 10 Let u^^ G {0, 1}'* characterize the rectangle- cover of the entry XiUj of matrix M 
as follows: 

Rs covers XiUj <^=^> u*-' = 1. 

Then entry Xiyj is covered by exactly f{u^^) rectangles from the f -transformation of the 
rectangle- cover Ri, R2, ■ ■ ■ , Rh 



Proof: In f{z), exactly those monomials zk contributes 1 to the value of f{u^^) whose 

ij 



variables are all-1 in vector u'-'. This happens exactly when Uj^ = 1 for all k £ K, that is, 



Xiyj is covered by the intersection of rectangles ClkeK ^k- ^ 
The proof of the following lemma is obvious: 

Lemma 11 The intersection of finitely many rectangles is a (possibly empty) rectangle. Any 
rectangle, covering a part of matrix M of (3) corresponds to a single (bilinear) multiplication. 

□ 

It remains to prove that there exists an /, with a small number of monomials, and with 
properties which leads to a cover, satisfying Properties (a) and (b). We will use the famous 
BBR polynomial of Barrington, Beigel and Rudich [ BBR94| ]: 

Theorem 12 (Barrington, Beigel, Rudich) Letm = p^^p^2 ' ' 'Pr"^ ■ -^'^'^ '^^2/ integers d,i, 
1 < d < i there exists an fd/ explicitly constructible, i-variable, degree-0{d^^^) multilinear 
polynomial with coefficients from Z^a, such that 

(i) for any z G {0, 1}^, which contains at most d 1 's: 

fd,i{z) = (mod m) z = 0, 

(a) If fd/iz) ^ (mod m), then there exists i £ {1, 2, . . . , r}; fd,i{z) = 1 (mod p^'), 
and if fdl{z) ^ 1 (mod p'j), then fd/{z) = (mod pf). 

Proof: The proof of (i) is given in [ BBR94|| . The proof of part (ii) is obvious for Ci = 1 
from the little Fer mat-theorem, and from a lemma of Beigel and Tarui ||BT94| ] (for modulus- 
amplifying), in general. □ 

Now we can prove Theorem ^ part (i), the proof of part (ii) remains to the full version. 
Let m = P1P2, let i = h = gN, d = g. Then fg^gN has 



' h ' 



(5) 



monomials. Consequently, if we transform our cardinality- /i rectangle cover by Definition 
1^ with polynomial fg,gN, then the resulting cover satisfies Properties (a) and (b) and has 
cardinality (5). This implies an exp(0(\/log n log log n)) cover. By Lemma [Tl], a SIIS circuit 
is immediate with exp(0(Vlog n log log n)) multiplication-gates. 
□ 
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2.2 The construction in general 

We describe a construction similarly as in the case k = 2. In this preliminary version we 
prove only the m = piP2, r = 2 case, the proof for general m is analogous. 

First, let M' = {mj^^j2,...,jfc} ^ /c-dimensional analogon of M of equation (3), that is, an 



nxnxnx---xn matrix, where m-jj^jj, ~ ■^\\-^'i2 ' ' ' -^iL' ^o"^ should again construct 
a cover of M', this time with /c-dimensional boxes, corresponding to the /c-linear products 



satisfying that only those entries will be covered, which have no two equal indices, and the 
covering multiplicity of these entries should be non-zero modulo m. 

First we need to define an initial box-cover of those entries of the /c-dimensional matrix 
M', which have no two identical indices. 

For our proof it is very important, that this initial cover has low multiplicity: every 
covered element of M' should be covered only by O(logn) A;-dimensional boxes for constant 
k's. The construction of such initial cover in the k = 2 case was quite easy, now we must use 
some more intricate approach. 

Using a family of perfect hash functions (see e.g., [ PK84 |), for integers n,k,b: 2 < k < 



b = 0{k), k < n, one can obtain a matrix H{n,k,b) = {hij} with u = exp(0(/c)) log n rows 
and n columns, with entries from the set {0, 1, . . . ,b — 1}, such that for any fc-element subset 
J of the n columns, there exists an i : 1 < i < u: 

hij : j G J 

are pairwise different elements of the set {0, 1, . . . , 6 — 1}. 

Matrix H{n, k, b) will be used for the definition of our initial cover as follows: 

For any i : 1 < i < u, and any a : {1, 2, . . . ,k} — > {0, 1, . . . ,b — 1} injective function we 

define the fc-dimensional box: 

R{i,a) = {mj^j2,-,jk ■ hin =(T{l),hij., = a{2), . . . ,hij^ = 
There are u possible i's and A;'^^^) possible cr's, so there are k^^''^ logn boxes in this cover. 
Box R{i , (T ) covers only T^j\,j2,...,jk^ with pairwise different indices. 

Any ^ji,j2,--,jk ■^ith pairwise different indices is covered by exactly that many k- 
dimensional boxes, as the number of rows with pairwise different elements of the sub-matrix, 
containing column j'l, column j2, column jk of matrix H(n, k, b). This number is at least 1 
(from the perfect-hashing property) and at most u (that is, the number of rows of H(n, k, b)). 

Now, exactly as in the proof of the case, we apply the polynomial fd/ of Theorem |l2| 
with d = u, £ = k'^^^^ log n, to this box-cover by Definition U and by the higher-dimensional 



version of Lemma 10 



The result is a box-cover of cardinality exp(exp(0(A;))-v/log n log log n)), proving Theorem 
1^, in case m = piP2- 
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